wiki:OpenFlow/Expedient

Version 5 (modified by Josh Smift, 8 years ago) (diff)

--

OpenFlow aggregates in GENI typically use Expedient as their aggregate manager, along with the Opt-In Manager. The OIM is currently packaged separately, but Expedient and the OIM each depend on the other.

Info for experimenters

The following sections are mostly of interest to GENI experimenters.

Opting in your traffic

If you allocate a shared resource that connects to an OpenFlow aggregate (e.g. a MyPLC plnode or ProtoGENI host), you'll typically also need to reserve some OpenFlow resources. When you do this, your reservation request goes to the Opt-In Manager, and a local Expedient OIM admin needs to approve your request before your sliver actually becomes live. The OIM admin isn't notified of your request, so you'll usually want to contact them to ask them to opt in your sliver. Here's a list of Expedient aggregates, and contact info for the OIM admins:

OpenFlow Aggregate info page Opt-In Manager admin
Clemson arosen@clemson.edu
Georgia Tech joonk@gatech.edu
GPO Lab gpo-infra@geni.net
Indiana? meylor@grnoc.iu.edu
Rutgers? seskar@winlab.rutgers.edu
Stanford deployment-help@openflowswitch.org
Washington? balkan@cs.washington.edu
Wisconsin agember@cs.wisc.edu

Info for admins

The following sections are mostly of interest to Expedient admins.

Slice Authority trust configuration

You may want to configure your Expedient AM to trust user certificates signed by additional Slice Authorities. To do that, install the CA cert for the Slice Authority in /etc/expedient/gcf-x509-trusted.crt/<authority>.crt (note that the name has to end in ".crt"), and then do

cd /etc/expedient/apache/ca-certs
sudo make

to create a symlink in /etc/expedient/apache/ca-certs pointing to it.

In particular, campus mesoscale deployments may want to trust the pgeni.gpolab.bbn.com SA; you can get the cert from http://www.pgeni.gpolab.bbn.com/ca-cert/pgeni.gpolab.bbn.com.pem.